Idiot robot of the day
by Volker Weber
13890 hits from dslb-084-060-100-141.pools.arcor-ip.net last night between 4 and 6.
Get some sleep.
Comments
It's a violation again german data-security-law to post a FQND here for the public. You shouldn't do that. Even if you are 'not amused'.
Just out of curiosity: what's an FQND? And why is it forbidden to post one?
Fully Qualified Domain Name - and I have no idea why that would be illegal, nor how it could be enforced when that information is readily available by reverse DNS.
Because German privacy laws are very strict, even if they do or do not make sense: http://www.privacyinternational.org/survey/phr2003/countries/germany.htm
But the question is, is this really in the German laws? and would it apply to a privately owned web site?
Here you can find the german Federal Data Protection Act.
Look into Section 4 'Admissibility of data collection,
processing and use' and Section 4a 'Consent'. Among other things you can read there '...Consent shall be effective only when
based on the data subject's free decision.
He shall be informed of the purpose of
collection, processing or use and, in so far
as the circumstances of the individual case
dictate or at his request, of the consequences
of withholding consent. Consent
shall be given in writing unless special
circumstances warrant any other form. If
consent is to be given together with other
written declarations, it shall be made distinguishable
in its appearance...'
I am quite sure that vowe does not have the 'consent in writing' from that person (or the ISP) who had the ip at the moment when he pulled the site so often. So vowe is not allowed to save the data (any data) his webserver gave him unless he is cutting the ip out of the record.
I am very proud about this law even though I know that it is not perfect. And I adjure to anybody to respect it. I personally don't want to live in a country without privacy like UK or USA. So resist the beginnings and consider the end.
From what I know about the German privacy law is that it applies to "personen-bezogene" information, i.e. any data which is related to an individual. While obviously this FQDN was related to a specific person (the guy who was using the IP connection) at the time of the requests which caused the entry in vowe's log, vowe's data does not connect this piece of information to the individual. Hence according to my interpretation of German law it is not "personen-bezogene" information. This person's ISP though is required to store this information for a certain period of time to allow for crime investigations. But storing or publishing an IP address or a FQND is perfectly fine. As long as there is no logic association with an individual and this association can only be made by the ISP which obviously would violate privacy legislation if it made the individual's information public or would only store it longer than required by law.
If you wish, here are some IP addresses:
124.123.32.43; 12.54.23.34; 231.43.22.12; 23.54.12.54;
How would that violate anyone's privacy???
P.S.: Oh, and according to German law this individual has to be a natural person, while e.g. in Switzerland a legal entity is also entitled to its privacy.
All this to my best knowledge, not being a lawyer.
>This person's ISP though is required to store this information for a certain period of time to allow for crime investigations.
Thank's God, no. Saving IP's and their relation to customer data is only permitted for billing purposes. E. g. if you have a flatrate your ISP may not save any data because they are not needed for billing (flatrate). Germans biggest ISP (T-Online) just lost a corresponding law suit.
And "personen-bezogene informationen" - personal related data - is anything that helps me to identify a individual person. So the IP is personal ralated because I can go to court and (without much trouble) I get the adress of this person. But I also know that this is controversial discussed among lawyers.
Richard,
I am not a lawyer either, BUT, under Section 3(1):
'“Personal data“ means any information concerning the personal or material circumstances of an identified or identifiable individual (the data subject)'
Further, under Section 3(9) "Special categories of personal data"
means information on a person's racial and ethnic origin, political opinions, religious or philosophical convictions, union membership, health or sex life.
I think you would be hard pressed how posting the FQDN meets these definitions? It is impossible to get any information about the INDIVIDUAL because there is no way of knowing who the INDIVIDUAL on the other side of this FQDN is, or if it even is an INDIVIDUAL.
Christopher, that is easy: Go to court, file a suit that this IP at a given time violated your copyright (ore something else) and the State Attorney orders an inquiry and requests the data from the INDIVIDUAL who owned the IP at the given time. These date will be recorded in the files. Now your lawyer requests to access the records and - voilà - you have the INDIVIDUAL data.
Section C(6):
'“Rendering anonymous” means the modification of personal data so that the information concerning personal or material circumstances can no longer or only with a disproportionate amount of time, expense and labour be attributed to an identified or identifiable individual.'
Lawyers are not cheap!:-)
However it makes no sense to go on debating this. I am not German (German descent on my mother's side, but not German) and neither one of us are lawyers. So perhaps you or someone from Germany can get a definitive answer on this and post it for everybody's education.
What is interesting is that the law very carefully spells out what constitutes "Special categories of personal data", but leaves the general definition vague.
Richard
> that is easy: Go to court, file a suit that this IP at a given time violated your copyright (ore something else)
Yo, man ;) That's the very best way to get YOUR ass sued off. Did it occur to you that what you're suggesting there is a major offense because you're filing a suit on no grounds?
As it stands, there is no easy way for you or me or anybody else to find out who was the owner of the IP address belonging to the FQDN mentioned at any given time. Thus, it isn't data that needs to be protected in any special way.
Still, there's an off chance that there already are rulings by German courts that state otherwise. If you happen to know one, I'd be really interested in learning the case number(s).
Regards,
Stefan
If that -- publishing an IP address or the matching FQDN -- was illegal, IRC would be doomed. And e-mail would be, too. And a ton of other services that log, transfer and give away address-information.
Reminds me of the often asked question: How can I hide my IP address? My friends tell me that they could break into my computer using it!
Hey,
this information is no personal related data like the birthdate, driver lic. nr. etc!
The identity (like his name) is not a personal related data itself.
Volker can write an article about an (right now still unknown) person who tries too vioalte/abuse his system. Do you remember the Heidi Klum story and or better the story of her father last december? Or if you were hit by Mr. X than you are allowed to write a story about Mr. X who hit you.
The FQND is nothing more than the lastnames. Only the provider knows what identity belonged to that adress at that time - nobody else.
Wolfgang
Do robots have the right for privacy? Must look in my old Asimov books... And i think, it was a robot, sure.
As mentioned above, according to Germany privacy law, only natural persons have a right to privacy. In Switzerland legal entities also do, but I would doubt that this robot is a legal entitiy. But then again, the person using the FQDN might be and hence it all comes down to the same again.
Richard: Yes, you probably could go to court and accuse someone on no grounds. But first of all, as Stefan pointed out, this would be a major offense and you might get into serious trouble about this. And secondly, no reasonable German court would freely go about and research and release this information to you. Upon such a request there will be quite some investigations performed concerning the legitimacy of the request. Which in your case would probably reveal the falseness of the accusations and lead to the troubles mentioned in "first of all". Last time I checked, Germany still had a fairly well legal system. And I am saying that despite the fact that I watched "Menschen bei Maischberger" last night and again heard Mr. Beckstein and his visions on surveillance.
Richard,
I'm not a lawyer, let alone familiar with German law, so I won't comment on whether an IP address is "personen-bezogene informationen". However, I do have a question.
"Saving IP's and their relation to customer data is only permitted for billing purposes. E. g. if you have a flatrate your ISP may not save any data because they are not needed for billing (flatrate)."
and
"Go to court, file a suit that this IP at a given time violated your copyright (ore something else) and the State Attorney orders an inquiry and requests the data from the INDIVIDUAL who owned the IP at the given time. These date will be recorded in the files."
Which is it? One time you say they can't record it, and another time you say it is recorded...
Rod: I think both can be true in some way... They are only allowed to record it for billing purposes. And then, in case the subject's info is kept for billing purposes, it can be retrieved if required by legal investigations.
But actually, I am not that sure, whether the billing necessity is still a requirement. I am under the impression, that in the anti-terror legislation initiatives the ISPs were forced to record everyone's connection data for a certain time. But as I said, I am not that sure...
Well, some googling later (and reading yesterday's news a little more carefully would have helped, too), I found this: Bundestag soll massive Überwachung der Telekommunikation absegnen. Looks like the German parliament is still discussing how far they should go. But they seem to have to go some way to follow a EU directive, which is expected to be passed next week. I wouldn't be surprised if the German constitutional court would be concerned with that issue in the end.
vowe.net is not storing any personal information of users visiting the site. Period. Your browser is holding a cookie with the details that you fill in when posting a comment, but the site never asks for the cookie, unless you are looking at a form which utilizes this information.
If you do post a comment, the site stores your name, email, URL, the IP you posted from and the date/time of the comment. If you are engaging in any unlawful activities, this information will be turned over to the authorities.
